cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
572
Views
65
Helpful
23
Replies
Highlighted
Beginner

900 ISR DHCP WAN gi5 port No Internet

Hi!

 

Current network has Asus router connect to ISP Modem, local network is working ok.

Cisco Router connected to the local network switch -> router WAN port gi5

 

I am trying to test if the gi5 WAN port on dhcp is working 

 

I could not ping from router to 8.8.8.8 

R1(config)#int gi5
R1(config-if)#do ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

 

 


interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip nat inside source list list1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
ip access-list standard list1
permit any
!
!
!
access-list 1 permit 0.0.0.0 255.255.255.0

 

What did I miss?

 

Much appreciate your assistance! Thank you!

5 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
VIP Mentor

NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down

 

You got 2 IP address Overlapping

 

for testing

 

interface Vlan20
No ip address 192.168.2.1 255.255.255.0

ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

no shutdown

 

 

no access-list 1 permit 192.168.2.0 255.255.255.0

access-list 1 permit 192.168.3.0 255.255.255.0

 

Test - post ping results 8.8.8.8 along with below details ?

sho ip nat statistics

Show IP nat translation

Show ip route

show ip access-list

BB
*** Rate All Helpful Responses ***

View solution in original post

Highlighted

Hello

I think you need to check the physical connectivity between asus and rtr1 i see you have two switches interconnected 

Also why are you setting the wan interface of rtr1 to dhcp - is the asus supposed to be providing address allocation for rtr1 ?

lastly remove the static route from the rtr1 that static route relating to the svi 250 on the rtr1 so it isn’t required 

Confirm the physical connectivity please 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

View solution in original post

Highlighted

The output of show ip interface brief shows G5 using DHCP but with no IP address learned. That would also explain why default routes using G5 are not being installed in the IP routing table. We need to figure out the issue with DHCP on this interface.

HTH

Rick

View solution in original post

Highlighted
Beginner

Hi @Richard Burts and @paul driver 

Thank you so much! After I plug Cisco router gi5 direct to the TPLink Switch, it works!

Now, I can ping and tracert 8.8.8.8 from the PC plug to the Cisco switchport gi3

I cant get to any website or internet, i believe DNS or NAT is causing the issue?

Here is my config

 

ip dhcp pool pool1
import all
network 192.168.250.0 255.255.255.0
dns-server 75.75.75.75 ---> 8.8.8.8 it works now!!!
default-router 192.168.250.1
!
!
!
ip cef
no ipv6 cef


interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
switchport access vlan 250
switchport mode access
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan250
ip address 192.168.250.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
!
access-list 1 permit 192.168.250.0 0.0.0.255

 

Much appreciate everyone help! =D

And hope this can help someone using 900 ISR 

View solution in original post

Highlighted

Thanks for the update. On some devices no switchport does work and some devices it does not. So it looks like your device does not support this and you will need to assign interfaces to a vlan, configure the vlan interface to provide L3 functionality, and assign IP address to the vlan interface.

HTH

Rick

View solution in original post

23 REPLIES 23
Highlighted
VIP Mentor

Try change below config :

 

 

ip nat inside source list 1 interface GigabitEthernet5 overload
no ip nat inside source list list1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
no ip access-list standard list1
!
!
!
no access-list 1 permit 0.0.0.0 255.255.255.0

access-list 1 permit 192.168.2.0 255.255.255.0

 

see if that works ?

 

Also post show ip interface brief after change done and still not working.

BB
*** Rate All Helpful Responses ***
Highlighted

Hi BB,

 

Thank you for replying!

!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
!
!
access-list 1 permit 0.0.0.0 255.255.255.0

********************************************************

show ip interface brief

 

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES unset down down
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES manual down down
GigabitEthernet5 unassigned YES DHCP up up
NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down

Highlighted
VIP Mentor

NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down

 

You got 2 IP address Overlapping

 

for testing

 

interface Vlan20
No ip address 192.168.2.1 255.255.255.0

ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

no shutdown

 

 

no access-list 1 permit 192.168.2.0 255.255.255.0

access-list 1 permit 192.168.3.0 255.255.255.0

 

Test - post ping results 8.8.8.8 along with below details ?

sho ip nat statistics

Show IP nat translation

Show ip route

show ip access-list

BB
*** Rate All Helpful Responses ***

View solution in original post

Highlighted

Hi BB,

 

Test Ping

R1(config)#int gi5
R1(config-if)#do ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

************************************************************************************

R1#sho ip nat statistics
*Oct 15 02:01:20.840: %SYS-5-CONFIG_I: Configured from console by console
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
GigabitEthernet5
Inside interfaces:
Vlan20
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 1 interface GigabitEthernet5 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

******************************************************************************************

Show IP nat translation

=\\ no output

*****************************************************************************************

R1#Show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

*****************************************************************************

R1#show ip access-list
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.255.255.0

*************************************************************************

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES unset down down
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES manual down down
GigabitEthernet5 unassigned YES DHCP up up
NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down down

***********************************************************************

 

Thank you =]

 

Highlighted
VIP Expert

Hello,

 

the access list 1 is wrong, you need to use a wildcard mask (see line marked in bold). What is GigabitEthernet5 actually connected to, the ISP modem, the ASUS ?

 

interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
--> access-list 1 permit 192.168.2.0 0.0.0.255

Highlighted

Hi Georg,

 

Thanks for replying!

 

GigabitEthernet5 is connected to local network switch.

Asus is the router connected to the ISP modem in local network on DHCP.

 

Screenshot_1.jpg

** Correction - SG90D-05 is a Cisco hub, not switch.


interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255

 

I tried your suggestion, still no connection.

Highlighted

Hello,

 

it was suggested by Balaji before that appparently, the ASUS is dishing out 192.168.2.0/24 addresses, which overlap with the IP addressing of Vlan 20. Did you change that ? Use the exact config below:

 

interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
--> ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
--> access-list 1 permit 192.168.3.0 0.0.0.255

Highlighted

Hi Georg,

Yes I did, but still  no connection.

 

interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
!
!
access-list 1 permit 192.168.3.0 0.0.0.255

 

Highlighted

Hello,

 

can you ping anything on the Vlan 20 network from the ASUS ? Try and ping 192.168.3.1 from the ASUS, does that work ?

Highlighted

Hi George,

All 5 packet failed

I tried both gi3 and gi5

Screenshot_1.jpg

Highlighted

Hello,

 

make sure that ASUS has a route back to the 192.168.3.0/24 network. You probably have to add a static route to this network on the ASUS.

Highlighted

Hello

@Georg Pauwen  You wouldnt wont to apply a static route on the Asus for a network that suppose to be hidden by NAT from the ISR rtr

@T0mTheCat Suggest before you apply any NAT in fact remove it completely from the ISR router and then once removed test you connectivity from the ISR towards the Asus, make sure you have connectivity to/from the rtrs before you append any NAT.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted

Hi Paul,

 

I did try setting it manually, however I still cant get any PING from the ASUS router to Cisco Router.

interface GigabitEthernet5
ip address 192.168.2.7 255.255.255.0
duplex auto
speed auto

Screenshot_2.jpg

Highlighted

Hi Georg,

 

So I reset the router and redo abit, however I still cant get any ping even from the ASUS router to Cisco Router

**************************************************************************

! Last configuration change at 09:14:07 UTC Fri Oct 16 2020
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 25
!
!
!
ip dhcp pool pool1
network 192.168.250.0 255.255.255.0
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated

!
redundancy
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
switchport access vlan 250
switchport mode access
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan250
ip address 192.168.250.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 192.168.250.0 255.255.255.0 192.168.2.1
!
!
!
access-list 1 permit 192.168.250.0 0.0.0.25

*******************************************************************

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set <---------- not sure why my gateway is not set, i tried ip route 0.0.0.0 0.0.0.0 192.168.2.1 as well

192.168.250.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.250.0/24 is directly connected, Vlan250
L 192.168.250.1/32 is directly connected, Vlan250

*******************************************************************************************

Screenshot_1.jpg